CVE-2017-2133
https://notcve.org/view.php?id=CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en dispositivos de seguridad y control Panasonic KX-HJB1000 con firmware GHX1YG 14.50 o HJB1000_4.47 permite que atacantes autenticados ejecuten comandos SQL arbitrarios mediante vectores sin especificar. • http://www.securityfocus.com/bid/101583 https://jvn.jp/en/jp/JVN54795166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-2131
https://notcve.org/view.php?id=CVE-2017-2131
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. Los dispositivos de seguridad y control Panasonic KX-HJB1000 con firmware GHX1YG 14.50 o HJB1000_4.47 permiten que un atacante omita las restricciones de acceso y vea el menú de configuración mediante vectores sin especificar. • http://www.securityfocus.com/bid/101581 https://jvn.jp/en/jp/JVN54795166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-2132
https://notcve.org/view.php?id=CVE-2017-2132
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. Dispositivos Panasonic KX-HJB1000 Home con firmware GHX1YG 14.50 o HJB1000_4.47 permiten que un atacante elimine archivos arbitrarios en un directorio específico mediante vectores sin especificar. • http://www.securityfocus.com/bid/101584 https://jvn.jp/en/jp/JVN54795166 • CWE-20: Improper Input Validation •
CVE-2017-5151
https://notcve.org/view.php?id=CVE-2017-5151
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. Ha sido descubierto un problema en VideoInsight Web Client versión 6.3.5.11 y versiones anteriores. Se ha identificado una vulnerabilidad de inyección SQL, que puede permitir la ejecución remota de código. • http://www.securityfocus.com/bid/95416 https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-4498 – Panasonic FPWIN Pro CPlcSetting::Load Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4498
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. Panasonic FPWIN Pro 5.x hasta la versión 7.x en versiones anteriores a 7.130 accede a un puntero no inicializado, lo que permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. • http://www.securityfocus.com/bid/90521 http://zerodayinitiative.com/advisories/ZDI-16-332 https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01 • CWE-20: Improper Input Validation •